Resource Menu


RE : Security of LibreSource
posted by Guest at Jan 11, 2006 12:22 PM
Quote
Moreover, be aware that your password is stored in your local workspace in the so6.properties file. It can be decoded using a Base64 decoder. Thus, you might also consider to protect your .so6 subdirectory.
RE : Security of LibreSource
posted by Rüdiger Lincke at Jan 11, 2006 12:22 PM
Quote
Thank you for the information.
RE : Security of LibreSource
posted by Sebastien Jourdain at Jan 11, 2006 12:22 PM
Quote
Hello Rüdiger,

We use the Basic authentication system, so it's possible to retreive your password if you listen the tcp packet of the network.

But it's possible to use the SSL connection of Tomcat. Then any web access will be secured.

But there is no Synchronizer client that support SSL, except in our enterprise version.

Concerning the data stored in the database, it's impossible to retreive your real password. Only a hash is stored.

After it's up to you. But, on the web I always use another password.

Artenum team
Security of LibreSource
posted by Rüdiger Lincke at Jan 11, 2006 12:22 PM
Quote
Hello,

I just wonder, how security in LibreSource is handled. Are the user accounts save, I mean when I log in, it is not a SSL secured connection, so it could be possible to see my password as plain text and though retrieve my username and password.

Is it secure to use our local passwords? Or should be use different passwords for our LibreSource accounts? (I know you should have basically for every account a separate password)